CVE-2024-52588

Medium CVSS: 4.9

Strapi is an open-source content management system. Prior to version 4.25.2, inputting a local domain into the Webhooks URL field leads to the application fetching itself, resulting in a server side request forgery (SSRF). This issue has been patched in version 4.25.2.

Vendor

Strapi

Product

Strapi

CWE

CWE-918

Yayın Tarihi

2025-05-29 09:15:25

Güncelleme

2025-06-24 18:27:42

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-918 Strapi MEDIUM Strapi 2025

Referanslar

https://github.com/strapi/strapi/security/advisories/GHSA-v8wj-f5c7-pvxf

Benzer Kayıtlar

Medium

CVE-2025-25298

Strapi is an open source headless CMS. The @strapi/core package before version 5.10.3 does not enforce a maximum passwor…

Medium

CVE-2025-53092

Strapi is an open source headless content management system. Strapi versions prior to 5.20.0 contain a CORS misconfigura…

High

CVE-2024-56143

Strapi is an open-source headless content management system. In versions from 5.0.0 to before 5.5.2, the lookup operator…